3.14 is no longer supported upstream by kernel.org and thus no longer
receives security patches. The git commit mentioned in this .nix isn't
even available in the linked repository --
https://chromium.googlesource.com/chromiumos/third_party/kernel -- so I
think this .nix might be dead anyway. Finally, it specifies 3.14.0,
which is so ridiculously old (the latest was 3.14.79) that nobody
develops for it.
Fixes: #25145
Supports: #25127
* programs.zsh: add enableOhMyZsh option to automate setup of oh-my-zsh in global zshrc
* programs.zsh: make oh-my-zsh plugins configurable
* programs.zsh: add ohMyZshCustom option
* programs.zsh: add ohMyZshTheme option
* programs.zsh: applying minor fixes to evaluate expressions properly
* programs.zsh: fix ordering of oh-my-zsh config and execution
* programs.zsh: move all oh-my-zsh params into its own scope named programs.zsh.oh-my-zsh
runit-init calls the runit executable as /sbin/runit, which
obviously fails for us.
This should improve support for using runit as an init replacement.
The idea is to provide a convenient way to enable most vanilla hardening
features in one go. The hardened profile, then, will serve as a place for
features that enhance security but cannot be enabled for all deployments
because they interfere with legitimate use cases (e.g., using ptrace to
debug problems in an already running process).
Closes https://github.com/NixOS/nixpkgs/pull/24680
This reverts commit 6b7c5ba535.
Unfortunately it seems like this broke slim, lightdm and gdm (see #25068
and #23264). This is already reverted in the 17.03 branch (99dfb6d).
TODO: We need tests for slim and lightdm and fix the test for gdm
(failing since 2016-10-26) to prevent such breakage in the future.
On my local nixos machine, `useSandbox = true;` wasn't enabled. This exposed the fact that various scripts weren't shebang-patched. @cleverca22 has provided the fix.
cc @peti @domenkozar @Ericson2314
